Category Archives: Security

Protecting your blog from spam comments

If you blog you want comments for conversation with your readers, feedback on your work or to receive suggestions for improvement. You can set comments to be made anonymously, but in general it is best to have people who want to contribute comments to identify themselves.

There will be comments from unknown sources which are out of context or raise concern about their genuineness. These “spam comments” might be approved by you as the ‘Blog moderator’ and therefore appear on your blog.

The spammer is promoting links via comments on various blog postings. They don’t care who the blogger is. The spammers are hoping that you may approve all the comments in one go.

[Image: the WordPress dashboard showing comments]

You can see comments by clicking on the menu on the left-hand side of your WordPress dashboard.

In the dashboard (above) you will see the genuine comments mixed with the spam. You can also filter by the categories shown in the top navigation menu of the comments in the dashboard.

To avoid your blog being overrun in this way:

  1. Don’t approve a comment which is out of context with the post.
  2. When approving a comment, check if it has any Web link associated with it, but be very careful about clicking on any link you are suspicious of.
  3. Check the sender’s details: is the name anonymous, is the email address unusual, is the sender’s name hyperlinked? Check all of these for authenticity.
  4. Check if the comment is being made on a recent post, or an older one.
  5. Ask your blog readers to report comments that are spam or offensive.

Here’s a real comment:

“I was recommended this blog by my teacher. Its amazing! Thanks!”

This comment seems to pose little threat. However, the settings of your blog may mean that once you allow a username to comment, their later comments are not moderated, i.e. the blog moderator does not have a chance to check them for authenticity.

As the moderator of a blog you can set WordPress to notify you by email when comments are received. Be prepared for many spam messages! In particular you should always use the dashboard to actually work with comments. Although you can click links to approve comments from your email, it is only in the dashboard that you’ll see all the information WordPress can show you about the comment/commenter.

We have more suggestions for securing your blog.



Filed under Security

Assign different roles to people who contribute to your blog

To ensure you may always have control of your blog you should assign roles carefully to the people who write for you:

  • contributor
  • author
  • editor
  • admin

They all have different levels of access to your blog.

If the primary admin changes job or is otherwise unavailable, you will still want to have access to the page. And anyone can have their WordPress account compromised. You might get hacked, and it is easy to forget your login – then blogs under your control are in jeopardy. Therefore you should give more than one person admin rights.

If possible, you should require all admins to have 2-factor authentication (sometimes called login approval or verification) enabled on their WordPress account. This requires users to enter a code they receive via text message if WordPress doesn’t recognise the device they are logging in from. So, even if a hacker obtains their password, they still wouldn’t be able to access their WordPress account (and your blog) without the code.

We have more suggestions for securing your blog.


Filed under Security

Don’t feed the trolls!

In a previous post we mentioned Dr Melissa Terras’ excellent presentation about ‘Is blogging and tweeting… worth it?’ – in the same presentation Melissa very openly and honestly examined her experience of the nastier side to having an online presence.


Audio and video podcasts are available of Dr Melissa Terras presenting “Is blogging and tweeting about research papers worth it?”

What can go wrong?

Blogging about an academic study should provoke discussion with comments on your blog, and (as we wrote in a previous post) you have a responsibility to label your tolerance and response to negative comments. Dr Melissa Terras (UCL) speaks about “Is blogging and tweeting about research papers worth it? The Verdict”. (Also available as audio or video podcasts in the University of Oxford Engage series.)

When Melissa became the subject of inappropriate comments and other activity designed to rubbish her reputation, she found it hard to cope. Reflecting back, Melissa has a number of suggestions for how to react:

  • Don’t feed the trolls!
  • If you know someone who is behaving badly: tell them.
  • Take the conversation offline, and talk directly, or find an intermediary who can do so for you.

This is part of the first series of posts about securing your blog.


Filed under Security

The moderator’s responsibilities

You must take responsibility for your blog and for others’ comments. There are some important steps to take to protect your blog from, for example, spam comments advertising unsavoury pharmaceuticals or worse.

This will be the start of a series of posts encouraging you to think about writing carefully in your blog, e.g.:

  • Don’t post anything online that you wouldn’t say in person
  • Be selective about posting about your ongoing research, although blogs and social media are an excellent way to share “prototypes”
  • Be cautious about posting photos or the names of other people if you’re involved in a sensitive issue

You must also take responsibility not just for your own words but for the comments you allow on your blog, e.g.

And you should follow these Essential WordPress Security Tips – Is Your Blog Protected? 

We’re blogging for the pursuit of academic study, but is it enough to lock down your blog so that anonymous comments are not allowed? Maybe you want to signal your appetite for discussion on the blog – we’ll show you how…


Filed under First Steps, Security